Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) ☐ Responsive to communication(s) filed on 23 November 2004.
2a) ☒ This action is FINAL. 2b) ☐ This action is non-final.

3) ☐ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-12 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) ☐ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-12 is/are rejected.

7) ☐ Claim(s) is/are objected to.

8) ☐ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) ☐ The specification is objected to by the Examiner.

10) ☐ The drawing(s) filed on is/are: a) ☐ accepted or b) ☐ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) ☐ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) ☐ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) ☐ All b) ☐ Some * c) ☐ None of:

1. ☐ Certified copies of the priority documents have been received.

2. ☐ Certified copies of the priority documents have been received in Application No. .

3. ☐ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

Claims 1-12 are pending. 
Claims 10-12 are new. 

Response to Arguments 
Note: Applicant's remarks are in bold text. Examiner's responses are indented. 

... does not disclose retrieving information stored in one section in response to principal ID 
information supplied by a principal, and then using this retrieved information along with 
information stored in another section to identify an object corresponding to the principal, 
in accordance with the current formulation of claim 1 ... 

Wobber Figure 2 shows an Authentication agent that includes a storing section to store 
information about each of said plurality of principals 142, 144, and 160. Wobber Fig. 2 
also shows an object information storing section to store information about each of a 
plurality of said objects 136 including access control lists 138. Using the authentication
ID table and the ACL the system identifies an object corresponding to the requesting 
principal. 



Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



Claims 1-12 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. In referring to claim 1, it is unclear to the examiner what the phrase "in response 
to principal ID information supplied of said principles" means. Examiner recommends changing
the phrase to read: "in response to principal ID information supplied by said principles".
Claims 2-12 depend on claim 1. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-3, 5, 6, 9, and 10-12 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Wobber et al. (U.S. Patent Number 5,235,642, hereinafter "Wobber"). Wobber discloses an 
access control subsystem and method for distributed computer system using locally cached 
authentication credentials. Wobber shows, 

In referring to claim 1 , 

• A principal information storing section to store information about each of said plurality 
of principals: 

"The computer at each node of the distributed system has a trusted computing base that 
includes an authentication agent for authenticating requests received from principals at 
other nodes in the system" (Wobber, col. 1, lines 55-58); Wobber Fig. 2 shows an 
Authentication agent 134 that includes a storing section to store information about each 
of said plurality of principals 142, 144, and 160 

• An object information storing section to store information about each of a plurality of 
said objects: 

"A further optimization is that the server process local cache is used to store a list of the 
object access control list entries previously satisfied by each requester, thereby enabling 
the server process to expedite granting access to previously accessed objects." (Wobber,
col. 2, lines 18-22); Wobber Fig. 2 shows an object information storing section to store
information about each of a plurality of said objects 136 including access control lists 138 

• An application section to retrieve a plurality of pieces of information stored in said 
principal information storing section in response to principal ID information supplied of 
said principals, and use the pieces of information retrieved from the principal information 
storing section along with information stored in said object information storing section to 
identify an object corresponding to said one of said principals: 

"In the preferred embodiment, the objects 136 to which access is governed by the 
reference monitor program 132 on node 102-1 are stored in the computer at that node 
(other arrangements may be possible). Each object 136 includes an Access Control List 
(ACL) 138 which defines the set of "principals" who are authorized to access the object
136." (Wobber, col. 4, lines 24-30)

In referring to claim 2, 

• Said object supplying device is a distributed processing device in a distributed processing 
system including a network and said distributed processing device being connected to 
said network: 

"The present invention relates generally to controlling access to computer resources in a 
distributed computer system, and particularly to apparatus and methods for making such 
access control systems more efficient by locally caching in each computer authentication 
credentials for principals requesting use of that computer's resources." (Wobber, col. 1,
lines 7-13) 

In referring to claim 3, 

• Said distributed processing system includes said distributed processing device operating 
as a server: 

"Requests are transmitted to servers as messages that include a first identifier (called an 
Auth ID) provided by the requester and a second identifier provided (called the 
subchannel value) by the authentication agent of the requester node," (Wobber, col. 1,
lines 59-63) 

• A plurality of client units being connectable to said server through said network and 
wherein said principal is any one of said client units, a user using said client unit and an 
object contained in said client unit: 

"A principal is herein defined to be the source of a request or assertion. Typically, one 
thinks of a principal as a person, or a machine acting on behalf of a person. However, 
processes many layers removed from human direction, such as those in a transaction 
processing system, can also be principals." (Wobber, col. 4, lines 15-20)

In referring to claim 5, 

• A receiving section to receive, from said principal, information about authentication 
needed to authenticate one principal and an authenticating section to authenticate said one 
principal based on said authentication information received by said receiving section and 
by referring to said information stored in said principal information storing section: 

"If the identifier in a request message does not match any of the entries in the server's 
local cache, then the server node's authentication agent is called to obtain authentication 
credentials from the requester's node to authenticate the request message. Upon 
receiving the required credentials from the requester node's authentication agent, the 
principal identifier of the requester and the received credentials are stored in a local 
cache by the server node's authentication agent" (Wobber, col. 2, lines 5-17)

• Said application section, when said one principal is authenticated by said authenticating 
section to be an authorized principal, performs retrieval and supply of said object: 
"Each object 136 includes an Access Control List (ACL) 138 which defines the set of 
"principals" who are authorized to access the object 136." (Wobber, col. 4, lines 27-30)

In referring to claim 6, 

• Said application section, when being requested by said one principal to supply an object, 
performs retrieval and supply of said object: 

Wobber, col. 4, lines 27-30 (see full quote above)



In referring to claim 9, 

• Combination of said information stored in said principal information storing section with 
said information stored in said object information storing section is defined by a 
predetermined matching rule: 

Wobber, col. 4, lines 27-30 (see full quote above)

In referring to claim 10, 

• Said application section further comprises a plurality of services defining said objects, 
and supplies said object corresponding to said one of said principals to said one of said 
principals over a network: 

"Objects can be files, processes, set of data such as table or database, programs (e.g., an 
interface program which governs use of an input/output device), and so on. In the 
preferred embodiment, the objects 136 to which access is governed by the reference 
monitor program 132 on node 102-1 are stored in the computer at that node (other 
arrangements may be possible). Each object 136 includes an Access Control List (ACL) 
138 which defines the set of "principals" who are authorized to access the object 136."
(Wobber, col. 4, lines 21-30) 

In referring to claim 11, 

• A principal is added or deleted by modifying said principal information in said principal 
information storing section, without modifying said object information stored in said 
object information storing section:

The system of Wobber maintains an Auth ID table that is separate from the ACL of the
objects. Modifying one will not affect the other.

In referring to claim 12,

• A principal is added or deleted by modifying said object information in said object 
information storing section, without modifying said principal information stored in said 
principal information storing section: 

The system of Wobber maintains an Auth ID table that is separate from the ACL of the 
objects. Modifying one will not affect the other.

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Wobber in view of 
Moriya et al. (U.S. Patent Number 6108790, hereinafter "Moriya"). Although Wobber shows 
substantial features of the claimed invention, Wobber does not show a portable terminal as the 
client. Nonetheless this feature is well known in the art and would have been an obvious 
modification to the system disclosed by Wobber as evidenced by Moriya. 

In analogous art, Moriya discloses an authentication system using a network. Moriya shows 
the distributed processing system is a portable communication system provided with a portable 
communication terminal and wherein said client unit constituting said principal is said portable 
communication terminal: "Each of the communication terminals 1-1 through 1-n is a computer 
connected to a modem, a terminal adapter, or the like, or a portable electronic device such as a 
PDA (Personal Data Assistance)." (Moriya, col. 3, lines 60-63)

Given these teachings, a person of ordinary skill in the art would have readily recognized the 
desirability and advantages of modifying the system of Wobber so as to use a portable terminal 
as the client, such as taught by Moriya, in order to allow portable devices to access the system. 

Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Wobber. Although
Wobber shows substantial features of the claimed invention, including the system of claim 1 (see 
102 rejection above), Wobber is silent as to what happens when principal information is updated. 
Wobber does not explicitly show notifying a change in principal information to any service
requesting such a notification. Nonetheless this feature is well known in the art and would have 
been an obvious implementation of the system disclosed by Wobber. 

The purpose of the system of Wobber is to control access to objects. If a specific principal's
access level changes (or is disabled) it would be inherent in such a system to update any records
of the principal stored locally on the network nodes.

A person of ordinary skill in the art would have readily recognized the desirability and
advantages of implementing the system of Wobber so as to provide notifications to other nodes
and services of the updated information of principals, to prevent unauthorized principals from
accessing objects.

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of 
the mailing date of this final action and the advisory action is not mailed until after the end of the 
THREE-MONTH shortened statutory period, then the shortened statutory period will expire on 
the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will the statutory 
period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Scott M. Klinger whose telephone number is (571) 272-3955. The 
examiner can normally be reached on M-F 9:00am - 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Glenn Burgess can be reached on (571) 272-3949. The fax phone number for the organization 
where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Scott M. Klinger 
Examiner 
Art Unit 2153